Support National Vulnerability Database (NVD)

[fraxken]

Add a new strategy to support NVD: https://nvd.nist.gov/

The API has a ratelimit but an API key can be requested here

Maybe we need to somehow thinks how to design this given API (We can take inspiration from nodejs-dependency-vuln-assessments

[fabnguess]

Hi @fraxken and @PierreDemailly .
I'd like to make sure that I haven't misinterpreted this issue. Its purpose is to call the NIST vulnerability API for each package in the current project in order to detect any known vulnerabilities in them? Below, I present my attempted approach to this subject.

async function getVulnerability(dependency) {
    const response = await fetch(
        `https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=${dependency}`, { headers }); 
    return response.json();
}

const vulnerability = await strategy.getVulnerability("@nodesecure/i18n");

console.log(vulnerability)

[fraxken]

@fabnguess I think you need to wait that I finish my own PR

[fabnguess]

noted

[fraxken]

We need to work on standalone API before dealing with that task (see #226)